Pwn2Own Team Successfully Hacks Tesla Model 3, Takes Home Car And $375K

Tesla builds one of the most tech-infused cars on the roads today. Not only are Tesla vehicles packed with features but they also offer over-the-air updates with new features, fixes and optimizations. Tesla was able to get the price of the Model 3 down to the long-anticipated $35,000 late last month, but a team of security researchers have taken advantage of the open nature of the Tesla Model 3 and were able to hack the car on the last day of the Pwn2Own 2019 hacking contest that was held in Vancouver, Canada.

model3

The team that successfully hacked the Model 3 was called Fluoroacetate and includes two members, Amat Cama, and Richard Zhu. The duo was able to hack the Tesla via its integrated browser in the car. They took advantage of a JIT bug in the browser rendering process to execute code on the car's firmware that showed a message on the infotainment system inside the car.

Since the team was able to hack the car successfully, they get to keep the car and a $35,000 prize as well. Tesla is aware that the team was successful in hacking the vehicle and have issued a statement to ZDNet.

The Tesla spokesperson said, "In the coming days we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today."

Team Fluoroacetate won the three-day contest after earning 36 "Master of Pwn" points for successfully executing exploits on Apple Safari, Firefox, Edge, VMware Workstation, and Windows 10. Overall, the team earned $375,000 in prize money, and their winnings totaled $545,000 over the entire three-day competitions. Trend Micro's Zero-Day Initiative team organizes the Pwn2Own contest. The hacker teams participating know the pre-defined software targets ahead of the competition so they can coordinate efforts before the contest is held.

Show comments blog comments powered by Disqus